stateset_crypto/lib.rs
1#![deny(unsafe_code)]
2#![cfg_attr(not(test), deny(clippy::unwrap_used))]
3
4//! VES v1.0 Cryptographic Operations
5//!
6//! Implements:
7//! - RFC 8785 JSON Canonicalization Scheme (JCS) via `serde_jcs`
8//! - Domain-separated hashing per VES spec
9//! - Ed25519 signing for agent signatures
10//! - AES-256-GCM payload encryption (VES-ENC-1)
11//! - X25519 ECDH key wrapping
12//! - Merkle tree hashing
13
14pub mod canonicalize;
15pub mod encrypt;
16pub mod hash;
17pub mod merkle;
18pub mod sign;
19
20mod encoding;
21mod error;
22
23pub use encoding::{bytes_to_hex, encode_string, hex_to_bytes, u32_be, u64_be, uuid_to_bytes};
24pub use error::CryptoError;
25
26/// Domain separation prefixes (must match sequencer)
27pub mod domain {
28 /// Payload plain hash domain prefix
29 pub const PAYLOAD_PLAIN: &[u8] = b"VES_PAYLOAD_PLAIN_V1";
30 /// Payload AAD domain prefix
31 pub const PAYLOAD_AAD: &[u8] = b"VES_PAYLOAD_AAD_V1";
32 /// Payload cipher hash domain prefix
33 pub const PAYLOAD_CIPHER: &[u8] = b"VES_PAYLOAD_CIPHER_V1";
34 /// Recipients hash domain prefix
35 pub const RECIPIENTS: &[u8] = b"VES_RECIPIENTS_V1";
36 /// Event signing hash domain prefix
37 pub const EVENTSIG: &[u8] = b"VES_EVENTSIG_V1";
38 /// Merkle leaf hash domain prefix
39 pub const LEAF: &[u8] = b"VES_LEAF_V1";
40 /// Merkle node hash domain prefix
41 pub const NODE: &[u8] = b"VES_NODE_V1";
42 /// Merkle padding leaf domain prefix
43 pub const PAD_LEAF: &[u8] = b"VES_PAD_LEAF_V1";
44 /// Stream ID domain prefix
45 pub const STREAM: &[u8] = b"VES_STREAM_V1";
46 /// Receipt hash domain prefix
47 pub const RECEIPT: &[u8] = b"VES_RECEIPT_V1";
48}
49
50/// 32 bytes of zeros -- used for plaintext payloads in cipher hash field
51pub const ZERO_HASH: [u8; 32] = [0u8; 32];